Thoughts (and occasionally fuming) about the state of science, fiction, and science fiction.

by author and technologistEdward M. Lerner

Tuesday, November 22, 2011

Hacked off

It's not only me. The list of folks being hacked -- about which we all should be hacked off -- is depressingly long. And no, this post isn't about the latest sorry litany of identity thefts or compromises of credit-card databases (as maddening as those incidents are).

It's about matters far worse.

A major factor in my novel Fools' Experiments (2008) was a hostile entity -- in this case, an artificial intelligence -- wreaking havoc on the physical world via the Internet. Born to cyberspace, the AI didn't understand the physical world, but -- justifiably ticked off, for reasons I won't go into here -- it undertook to compromise networked resources that it found to be well-protected. Someone obviously valued them.

And the SCADA (Supervisory Control And Data Acquisition) interface that provided the hacker with access to the physical-world pump? SCADA devices are common things -- widely at risk, at least in principle, to more such meddling. It's not only the US, of course, that's under attack. Consider (from Yahoo News) that "Norway hit by major data-theft attack." Modern economies run on energy. We're told that:

At least 10 different attacks, mostly aimed at the oil, gas, energy and defense industries, were discovered in the past year, but the agency said it has to assume the number is much higher because many victims have yet to realize that their computers have been hacked.

As modern warfare, at least as practiced by the US, switches to unmanned and computerized weapon platforms (not yet, quite, to robots), how worrisome is this CBS report that: "Virus infects Pentagon drones' computers"?

It's not clear whether the virus was deliberately aimed at the military computers or whether it got there through the general spread of infectious malware, but "the virus has resisted multiple efforts to remove it from Creech's computers," Wired reported, citing three unnamed sources. (Aside: that's Creech AFB in Nevada.)

Also unclear is whether the keylogger software has revealed any secure data. But it is running on classified computer networks, Wired said.

Not very reassuring, is that? Especially when:

Wired reported that the virus was discovered two weeks ago and that the virtual pilots continue to run missions from the Air Force base.

Last for today, but certainly not least, consider this lengthy report from The Wall Street Journal: "Document Trove Exposes Surveillance Methods." The WSJ's reporter visited a trade show for commercial systems with which governments and law enforcement agencies can hoover up and examine vast quantities of electronic communications.

At the Washington and Dubai trade conferences this year, which are generally closed to the public, Journal reporters were prevented by organizers from attending sessions or entering the exhibition halls. February's Dubai conference took place at a time of widespread unrest elsewhere in the region. Nearly 900 people showed up, down slightly because of the regional turmoil, according to an organizer.

Presentations in Dubai included how to intercept wireless Internet traffic, monitor social networks and track cellphone users. "All of the companies involved in lawful intercept are trying to sell to the Middle East," said Simone Benvenuti, of RCS SpA, an Italian company that sells monitoring centers and other "interception solutions," mostly to governments. He declined to identify any clients in the region.

The article sheds some light on how the exploits are done. Such as:

Among the most controversial technologies on display at the conference were essentially computer-hacking tools to enable government agents to break into people's computers and cellphones, log their keystrokes and access their data. Although hacking techniques are generally illegal in the U.S., law enforcement can use them with an appropriate warrant, said Orin Kerr, a professor at George Washington University Law School and former computer-crime attorney at the Justice Department.

And:

Vupen, which gave a presentation at the conference on "exploiting computer and mobile vulnerabilities for electronic surveillance," said its tools take advantage of security holes in computers or cellphones that manufacturers aren't yet aware of. Vupen's marketing documents describe its researchers as "dedicated" to finding "unpatched vulnerabilities" in software created by Microsoft Corp., Apple Inc. and others. On its website, the company offered attendees a "free Vupen exploit sample" that relied on an already-patched security hole.

And:

The documents for FinFisher, a Gamma product, say it works by "sending fake software updates for popular software." In one example, FinFisher says intelligence agents deployed its products "within the main Internet service provider of their country" and infected people's computers by "covertly injecting" FinFisher code on websites that people then visited.

The company also claims to have allowed an intelligence agency to trick users into downloading its software onto BlackBerry mobile phones "to monitor all communications, including [texts], email and BlackBerry Messenger." Its marketing documents say its programs enable spying using devices and software from Apple, Microsoft, and Google Inc., among others. FinFisher documents at the conference were offered in English, Arabic and other languages.

Meanwhile, of course, the trend in popular software is to default to automatic updates (Microsoft Windows) or not even give users a choice of if/when to accept an update (the last time I checked, the popular Opera browser).

To bottom-line it, societal exposure to malware and networked malfeasance continues to grow. The occasional rogue AI will fit right in ...

(And with that cheery thought, I'll wish a Happy Thanksgiving to my US readers.

As an engineer in the power industry, all I can say is yikes! Prohibiting remote control of unstaffed facilities just isn’t feasible today. Your only defenses against this are well trained operators who routinely monitor not only control screens, but also read/record local gages, a fairly standard procedure for PSM facilities, robust hardware safeties and disconnects, and isolated controllers for process critical functions.

Fortunately, I have never been to a plant that runs its DCS on a Windows OS.

What to read?

Non-US shoppers

Featured Post: A Milestone

On October 16, 2007, Fleet of Worlds was first published. That is: ten years ago to the day. Larry and Ed at 2015 Nebula weekend This...

Energized (Newly reissued!)

"A taut near-future thriller about an energy-starved Earth held hostage by a power-mad international cartel … Lerner’s vision of the future is both topical and possible in this crisp, fast-paced hard SF adventure.” —Publishers Weekly

Dark Secret (my latest)

"I heartily recommend Ed Lerner's Dark Secret" — Tangent Online

InterstellarNet: Enigma (I-Net #3)

"One of the most rewarding SF reading experiences anyone could ask for, on both an intellectual and emotional level." — Tangent Online

InterstellarNet: Origins (I-Net #1)

"One of the most original, believable, thoroughly thought-out, and utterly fascinating visions ever of what interstellar contact might really be like."— Stanley Schmidt, editor of Analog

A Time Foreclosed

"A nice little foray into the paradoxes of time travel" — SFRevu

Fate of Worlds (FOW #5)

“Brings to a stunning close a multivolume saga that has captured the imaginations of a multitude of readers … a story that will attract attention from series fans as well as readers of hard sf.” — Library Journal

Juggler of Worlds (FoW #2)

“A snazzy thriller/mystery that keeps us (and our hero) guessing until the very end ... Wide screen galactic scope, nifty super-science, crafty aliens, corporate corruption and cover ups, and a multi-leveled spy vs. spy vs. spy mystery with little being as it first appears make Juggler of Worlds a first class exemplar of pure SF entertainment.” —SFsite

Fleet of Worlds (FoW #1)

" ... Needs recommending within the science fiction community about as much as a new Harry Potter novel does – well, anywhere." —Locus

ARMAGEDDON / PARADISE -- two books in one

"A romp through time and history ... an intriguing selection." — Bookloons

Small Miracles

"Suspense and action enough to fuel any thriller, and even to drive it to the big screen." —SFrevu

Fools' Experiments

“When the artificial intelligences ... go maverick, they turn out to be the true weapons of mass destruction. A fast, fun read.” — Sci Fi Weekly

Ed's Facebook page

subscribe to:

Follow SF and Nonsense by email

About Me

I'm a physicist and computer scientist (and an MBA, of less relevance to most of these posts). After thirty years in industry, as everything from individual technical contributor to senior vice president, I now write full-time. Mostly I write science fiction and techno-thrillers, now and again throwing in a straight science or technology article.